The Samba domain is what we authenticate with and what some of our PCs are joined to. The Windows server is pretty much a fresh install and is the proposed new home for the domain. Ideally I want the Windows server as the primary domain controller and the Samba can serve as a backup. If this is risky or not well documented, I'd be okay (for now) with having the Windows server act as a backup domain controller for the Samba server.

So you have to do it in steps... add a 2008r2 server as a DC, manually push your data to the temporary server, then drop the Samba machine, promote the 2008r2 machine to master roles and clean up the inevitable errors. Then you can add that 2012r2 server and it should be relatively normal... Depending on how large your environment is, it may just be easier to recreate the domain on the 2012r2 machine from scratch. Don't forget your backups and start it on a Friday afternoon. Good luck.

There's no such thing as PDC/BDC in AD based on >=Win2008 environments. All DC's are equal, except the ones set up as Read-Only DC's.

Keep in mind that replication in mixed Samba/Windows AD is done one direction only: from Windows to Samba Server. If you have got something like Gluster FS to establish file system replication, DFSR will not work with it (obviously), so you need to solve it manually (I use Robocopy from Windows to Samba) and accept the fact it will also be one-direction only (no true replication).

Which Samba version is it? You can join an existing Windows 2012 server, like the document you linked also states, into the domain and then promote the services on it. Then you might have to remove the Samba PDC and add it again to be sure the AD is functional.

You could replicate the steps in a separate (virtual) network to see if it works. Just copy all of Samba's files (/var/lib/samba and different locations based on what distribution you use – which you didn't mention btw) to the VM and make sure the OS and Samba version are exactly the same. Then you'd try adding the Windows Server and if it works, reinstall or reset it and do it again in the "real" domain.

It is Samba 4.11.11. The site you linked contains the reason I'm worried about doing this:

"Samba based AD currently doesn't support joining a Microsoft Windows Server 2012 / 2012 R2 as a Domain Controller to a Samba Active Directory! Joining as a Member Server works. Follow the respective documentation.

This documentation describes necessary steps and workarounds, that are required for this task. Because of missing support of the 2012 / 2012 R2 AD schema in Samba, the join will break your installation!

This documentation is for research and debugging only, until all problems and limitations are fixed!

Use this documentation only in labs for testing purposes and not in production, because this process will break replication and the AD database!!!"

The way this reads, it sounds like it's guaranteed not to work and will cause serious issues. I'll try to replicate this on a test domain... it will just take a long time to create an identical set-up to our current domain.
